By David Fleet
Atlas Twp.- They are professional hackers and the threat is real.
That’s how Doug Witten, a cyber defense program director at Flint-based Baker College, describes the recent ransomware attacks on area municipalities.
“They are professional hackers and extortionists. Their attack is real,” said Witten. “These hackers have a profit motive.”
In the early morning hours of Feb. 14, the Atlas Township office computers were victimized by ransomware, a malware program that infects a system, then locks and takes control of it, demanding a ransom to undo it. Township Clerk Katie Vick reported the attack during the township board of trustees meeting on March 18. The ransomware infected the township computers about 2 a.m. with the intention of extorting money to recover the files.
Dawn Yon, deputy treasurer, reported the message stating that all the township files had been encrypted with the ransomware called PHOBOS. The suspect requested money in the form of Bitcoin. Bitcoin is a digital currency, a form of electronic cash.
The currency can be converted into cash when deposited into accounts at prices set in online trading. The ransomware email offered to decrypt five files for free. The total ransom cost was contingent on how fast the victim responded, reported Vick.
Soon after the attack, the township Information Technology (IT) manager solved the ransomware issue for less than the $2,500 deductible required for The Travelers cyber insurance policy that had gone into effect on Jan. 27. The premium was $1,300 per year.
Despite the attack, on Monday night the Atlas Board of Trustees voted 5-0 to cancel the cyber insurance policy with a prorated refund.
“You demonstrated you are well qualified to handle your issues,” said David Lattie, township attorney, during Monday’s meeting.
Ransomware attacks like the one the township experienced are not uncommon.
“The worst case scenario would be a situation like the county (experienced) where all of our computers were locked up,” said Vick. “It could happen. Has anyone had any second thoughts on it (cancelling the policy) because of the (Genesee) County situation? I don’t know if that changes anything, but I think we are OK.”
The attack Vick referred to occurred on April 2 and started with a message asking Genesee County for payment to release the files.
The county paid no fee for the release of the information and did not respond to the request, said Mark Young, Genesee County commissioner for District 5, which includes Atlas Township.
“They (hackers) did not receive any data,” said Young. “We restored files from a backup and some assistance from Oakland County. The Genesee (County) IT department was able to isolate the attack and stop further encryption of information.”
The ransomware issue was narrowed down to a monitor in one of the county court offices that was using outdated Windows XP on a computer.
“Nearly all networks were impacted, but our payroll system was not,” he said. “This was a wakeup call. You have to make sure you are doing the basics and just anti-virus is not good enough.”
The county was able to restore from backup, said Young.
On March 28, Genesee County signed a deal with ACCESS for additional IT support.
“On Tuesday, April 2, the ransomware hit,” he said. “It’s an ongoing process to keep our security active.”
The impact of a ransomware attack on Genesee County’s computer network continues to linger weeks later, a factor Cyber Defense Director Doug Witten hopes draws attention to a serious problem.
“Prevention is the key,” said Witten. “The first thing they (hackers) go after is the backups—the victims then can’t operate and they are at their mercy. They know most businesses don’t have an emergency plan—if you don’t plan ahead you’re fair game.”
A professional security review is necessary, added Witten.
“Especially for small business,” he said. “The businesses with old equipment are at risk—they attack their servers. That’s the honey at the end of the rainbow for hackers.”
Russia, China and North Korea are hot spots for ransomware, he said.
“They are using Bitcoin which is untraceable,” he said. “It’s going to cost you time and money. They will go after your PC and your personal stuff that’s valuable to you. It’s serious and all are at risk.”
With any questions, contact Witten at email@example.com.